Monday, 20 April 2015

Here is a document that you asked

Here is a document that you asked with zip attachment...

Headers:
From: {random email}
Subject: {random}
Message body:
hi

Here is a document that you asked
Attached to the email is a Zip file (Note: filename is random}
scan 59334.zip
Inside the Zip file is a Windows Executable file:
scan 59334.scr
Sha256 Hashes:
 2191354418154983ab885cc8063bd5c9a50bda057794c61ee7556930e4f33fbb [1]

Malware Anti-Virus Reports:
VirusTotal Report: [1] (hits 2/57 Virus Scanners)
Malwr Report: [1]

Summary:

Creates a windows hook that monitors keyboard input (keylogger)
Creates Zeus (Banking Trojan) mutexes
Creates an Alternate Data Stream (ADS)
Installs itself for autorun at Windows startup

Cheers,
Steve
Sanesecurity.com

No comments: